SpiceDB is an open source, Google Zanzibar-inspired, database system for creating and managing security-critical application permissions.

SpiceDB

Hey guys,

I have a spicy question (sorry was cheesy :D)

Is there a way to lookup the type of objects which a subject can for example `read`?

let's say the `user:subject1`  has `read` permission to `book` objectType but there is no relation instance created yet.

I want to pass `user:subject1` and `read` and get all the types which the subject1 can potentially have `read` permission to. Is this possible?

so you'd want it to return the resource types that have `read` permission and where the user has `read` access to at least 1 resource?

This is not possible today, but I could see this being possible with a mixture of reflection and `LookupResources`.
- Determine all the resources that have a permission named `read` with Reflection API (see proposal https://github.com/authzed/spicedb/issues/1505)
- Issue calls for `user:subject1` and `LookupResources` over each one of the resource types identified as having `read`

Another option that could make the above easier to run is to have the equivalent of `BulkPermissionCheck` for `LookupResources`